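# Umami analytics service: builds a layered image from nixpkgs and declares one
# container through builder.mkContainer, with Traefik labels for the
# umami-feeder plugin and optional authentik protection.
#
# Arguments are supplied by the caller; their schemas are not visible here.
{ config, containerCfg, pkgs, lib, builder, name, ... }:
let
  serverCfg = config.syscfg.server;

  # Umami image built from nixpkgs
  # NOTE(review): no `User` is set in the image config below; unless
  # builder.mkContainer supplies one, the runtime's default user applies. Confirm.
  image = pkgs.dockerTools.streamLayeredImage {
    name = pkgs.umami.name;
    tag = pkgs.umami.version;
    contents = with pkgs; [ cacert openssl ];
    config = {
      # Umami in nixpkgs typically provides a binary or script to start the server
      Entrypoint = [ "${pkgs.umami}/bin/umami-server" ];
      ExposedPorts = { "3000/tcp" = {}; };
      Env = [ "NODE_ENV=production" ];
    };
  };
in
{
  sops = true;
  db = true;

  # NOTE(review): mode 0444 is readable by every local user. Confirm that
  # nothing secret is written under this path and how the builder applies the mode.
  paths = [{
    path = "${serverCfg.configPath}/umami/";
    mode = "0444";
  }];

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      imageStream = image;
      port = 3000;
      # Presumably selects the sops secret for this service. Verify against the builder.
      secret = name;

      extraEnv = {
        PORT = "3000";
        # HOSTNAME = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
        DATABASE_TYPE = "postgresql";
        # NOTE(review): no credentials or TLS in this URL; presumably Redis is
        # reachable only on a private network. Confirm.
        REDIS_URL = "redis://${builder.host}";
        # The client address is taken from this header. It is only trustworthy
        # if the reverse proxy overwrites client-supplied values and the
        # container cannot be reached except through that proxy.
        CLIENT_IP_HEADER = "X-Forwarded-For";
        # Empty string when containerCfg has no subpath (or it is null).
        BASE_PATH = lib.optionalString (containerCfg.subpath or null != null) "/${containerCfg.subpath}";
        # DISABLE_LOGIN = "1";#(if serverCfg.containers?authentik then "1" else "0");
      };

      # SECURITY(review): the username/password below are hard-coded literals.
      # They end up in the world-readable Nix store and in the container's
      # labels, which anyone able to inspect the container can read, and they
      # match Umami's well-known default admin login. Rotate the admin password
      # and source these values from the secret store (this module sets
      # `sops = true`) rather than from literals. The wiring depends on the
      # builder, so it is flagged here rather than changed.
      extraLabels = {
        "traefik.http.middlewares.umami-global.plugin.umami-feeder.umamiHost" = "http://umami-server:3000";
        "traefik.http.middlewares.umami-global.plugin.umami-feeder.umamiUsername" = "admin";
        "traefik.http.middlewares.umami-global.plugin.umami-feeder.umamiPassword" = "umami";
        "traefik.http.middlewares.umami-global.plugin.umami-feeder.createNewWebsites" = "true";
      }
      # Attach the authentik middleware only when an authentik container is
      # configured. Without it the router gets no middleware label from here,
      # so Umami's own login is the only gate on the UI.
      // lib.optionalAttrs (serverCfg.containers ? authentik) {
        "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik";
      };

      # /tmp is a size-capped tmpfs mounted noexec,nosuid.
      extraOptions = [
        "--tmpfs=/tmp:rw,noexec,nosuid,size=512m"
      ];

      overrides = {
        cmd = [ "start" ]; # Specific command for the umami binary
      };
    };
  };
}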